over-react much? of course someone has made rainbow tables, so what? the lesson to be learned here is not that we should crucify brainwallet.org, it is that we should make strong passphrases.

theoretically possible. in practice though he has a better chance of being killed by a rogue meteor.

sounds like hes full of crap to me. it asks you to move your mouse around at the start inorder to seed entropy, so then for there to be an address collision like that i think he would have had to seed it with the exact same mouse inputs, which seems astronomically unlikely.


brainwallets are the best way to go in my opinion but you have to know how to make a good password and that takes some knowledge. Even a long password may still be broken if it is not a good password. And even a good password thats short may still be broken. Infact you could type in an entire paragraph from a book and it would probably be broken by someone using an algorythm that searched google for known literary phrases.

you have to understand that with brainwallets if someone is trying crack brain-wallets they are simultaneously trying to crack everyones on earth. This means that it can potentially be a lot more profitable to invest resources in cracking brainwallets than any one persons password for something.

So with that being said, if you decide to go the brain-wallet route this is how you do it:

First make a high entropy password. http://www.random.org/passwords/ can help with that. Write this down and store safely in multiple locations. give a copy to your grandma, hide a copy under the rug, but make sure it never becomes part of the public record. This part will protect you from brute forcers who are not targeting anyone in particular but all of the brainwallets in the world at the same time.

second make a medium entropy password. this is something that uses a real sentence with real words so that it is easy to remember but will never be part of the public record. For example "my pet gorilla snorts lemon powder when she thinks about her blue hair" its syntactically sound but semantically ridiculous. this part you NEVER write down or tell anyone about ever. it must only exist in your brain. this part will help to protect you against the brute forcers but also against someone who obtains the key you wrote down. so think like if the cops raided your house or something and got the high entropy password you got from random.com that key wouldnt be enough since you have this in your brain.

for the last part add something from the public record. things from the public used by themselves make very bad brainwallet passwords BUT in conjunction with things that are off the public record they can add a lot of security for almost no cost to your memory, since you dont have to remember the words themselves only where they are located. So for example you may take a common book and turn to a random page and use a short paragraph. now you may not remember what the words were exactly but you remember what book it was and about where it was in the book and what the paragraph was about and you can easily find it again.

Anyway i highly recommend this method and i highly recommend that in addition to writing down the high entropy password you work diligently on committing it to memory just incase. If you can do it right this is definitely the best way to store your btc because this way NO one can ever take them away from you. the government can take EVERYTHING away from you, your house, your bank accounts, your life savings, the contents of your safe, your clothes, they can even examine your rectum, and lock you in solitary confinement, and you will STILL be filthy rich, even after all of that. This is, more than anything, what makes bitcoins so valuable to me. You can have TRULY sovereign wealth even in a statist paradigm where the government has its slimy tentacles on every other aspect of our lives.

yep it will run it on your ram rather than your hard drive. just dont install it.

i thought about that also but then i thought, if he boots from the disk and makes is keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

just make it yourself then, its super simple. If you have a 32 bit machine than download this iso http://www.ubuntu.com/start-download?distro=desktop&bits=32&release=lts If you have is 64 bit machine than use this link http://www.ubuntu.com/start-download?distro=desktop&bits=64&release=lts These are image files so just use a standard cd/dvd burning program to create an image disk using one of these two iso's. And thats it you have an ubuntu image disk.

Sure ok. So ill give you a description of the most secure way to do it. Well go right to the james bond level.

• Hover over this url https://bitaddress.org look in the bottom left corner of the screen to make sure it is honest
• Right click on that url and click save link as. Save it to a usb drive or something like that
• Boot ubuntu from your live cd (DO NOT CONNECT TO THE INTERNET)
• copy the bitaddress.org.htm file that you saved on your usb drive to your desktop
• open the bitaddress.org.htm file from your desktop
• go to the print paper wallet tab
• connect your pc to your printer using a usb cable and print the paper wallets (not wifi)
• (optional for extra security) clear your printer cache
• restart your computer
• send bitcoins to the address on your paper wallets in w/e denomination you like
• (recommended) laminate your paper wallets

hmm you are right. thats a really clever idea. Instead of having a network where its (basically) imposable to break the rules (like bitcoin) you could have a network with "police" who are rewarded if they catch that sort of activity and can prove it in an easily verifiable way by just recording the use of two signatures from the same public key.


that is definitely something to think about. partially it would be helped by the fact that this currency wouldn't have a steady rate of issuance forever. Perhaps this could be pushed further by having the reverse of how bitcoin issues currency. i.e. 50 early on, then 75 later, and finally 100 after a few years and it would stay at 100 forever.

though i dont think its a bad idea to idea allow transactions without fees to compete for transaction block authoring privilege because that would never happen. people would bid that space up to requiring a fee from day 1. Literally less than 24 hours after release free transactions would be a distant memory.

anyway thanks again etlase2. you have really been such a big help here. time to go meditate some more.

This idea was not part of the original specs so i have to admit i haven't really thought through everything here. I suppose what would happen is the runner up would go ahead and prepare the block just incase and if enough time passed that the network became suspicious of whether the first place winner was active, then they would become receptive to the block published by the runner up. If the runner up tried to publish their block right away it would not propagate because no one would be interested in it.

i see your point

yes this is probably right and it makes me sad. though if there was an elegant solution than this than this idea could offer great advantages. I'm going to keep thinking on it.

Unfortunately this would be REALLY hard to get distributed consensus on since their failed blocks would not be part of the blockchain.

Thankyou for this thoughtful post. its impressive how well you understand what im proposing. if i was in your position i dont think i would understand me as well as you understand me.

I've been thinking and thinking and thinking and the ONLY solution i can come up with is something like this.

If the winner of the randomly chosen key is not available than the runner up mints an insurance block, if the runner up is not available than 3rd place mints an insurance block ect... The next person in line must chose a block to build ontop of. If he publishes multiple transaction blocks the one that will be accepted as valid is the one thats key is furthest from matching its corresponding mining block. Inorder to incent him not to pick the one with the key that is closest to its hash, he would receive a bonus of newly issued currency. the closer the key of the block that he builds ontop of is to the hash of its corresponding mining block, the higher his bonus reward.

I know that was confusing as all hell. Now that i figured it out i think the next step is to figure out how to explain it better. It should be noted that this creates a situation where its possible to do what is functionally a 51% attack with less than 51% of the keys because the author of the block could always chose to sacrifice his bonus in exchange for deciding to mint ontop of one of his own keys. If my mathematical intuition is not wrong, an attacker would need 26% of the network to do what we think of traditionally as a 51% attack.

Still with that digression out of the way, since mining blocks would be SO tiny, block times could be REALLY like potentially <30 seconds per block fast, and the network would still tend towards unprecedented levels of decentralization so it may not be a devastating blow against the crypto. Then again maybe it is.

anyway lots more thinking to do. thanks for bringing up a really good point.

i wish i knew how to describe an idea for a new crypto succinctly.

As a note i should mention that the proposal may be broken. Im not sure yet but there may be a fatal flaw.

yes but only for the poor. there would be pressure against dust as well since block space would be limited and would need to be bid for and dusty transactions would be more expensive to process.

Kind of. The extra space that was left over and not used for legitimate transactions would all be consumed by prospectors only so long as the supply of space in the blockchain exceeded the demand for legitimate transactions. If that demand ever exceeded the supply than the prospectors would not find it profitable.


no. goods in a market economy tend not to go to the person with the greatest means, but rather they tend to go to the person who values them most. A rich person who wanted to flood with transactions just to mint more blocks would be outbid by a poor person who wanted to use that space for a legitimate transaction in addition to the advantage of potentially being able to mint a block. This would create unprecedented levels of decentralization.

Granted a rich person could do it just to be a jerk. but if he was self interested and profit seeking than he would not find it worth while to outbid people who wanted to use that space for legitimate transactions.

even if this is the product of a malicious attack it still makes it clear that the merged mining patch is necessary. the fact that he was able to bring the blockchain to a halt is pretty good evidence that his changes are worth while.

government cant "solve the bitcoin problem" by buying them all and destroying them or locking them up. they are far too divisible, all they would do is drive the price up which would be exactly contrary to their interest. it is however possible that they have been buying them up with the intention of pushing bitcoin someday.

as far as the chinese government is concerned this is probably exactly right.

ok ok now you are just playing symantic games. free market doesnt mean free to do anything you want. it means that people respect each others property, and exchanges generally only take place if both parties agree to them. this is what competing cryptobanks on the darkweb would be like. they wouldnt even know who each other were so they couldnt blow each other up even if they wanted.

i also think the bigger risk is not from someone who wants to profit directly from a doublespend, but someone who hold an even more significant stake in accompanying crypto. think USD or BTC.

A free market in competitive private currency issuers is what we are talking about here. Bitcoin makes that possible in a way that it never was before. This is not particularly analogous to nation states competing with each other because look what happened to gaddafi when he tried to create the gold dinar, that is very very far from a free market when you get blown to smithereens for making your currency something other than what america endorses.

done. it still need more work and reorganization but i have to think really hard about sangamans comments first.

it doesnt seem like it should be a hard problem to solve, but it is. thanks for bringing it up, im going to think on it for a while.

There is NO way this would fly as a fork. New coin definitely.

Well i can think of 2 possibilities.
One is that miners, instead of hashing empty blocks, hash the transaction block + previous hash + their public key + nonces. If they did this than the second closest (lets call him #2) could publish a transaction block in the hopes that the owner of the randomly chosen key (lets call him #1) was unavailable. I If it worked like this than if #1 returned in time to mint the block than #2's transaction block would be orphaned, otherwise the right to mint the new transaction block could default to #2. this is all wrong let me think on this some more

The other option is that miners do not hash transaction blocks, and instead just hash previous hashes + their public key, and if the owner of the randomly chosen key is off-line than everyone in the network just waits 4 minutes for a confirmation instead of 2.